144 lines
4.5 KiB
Plaintext
144 lines
4.5 KiB
Plaintext
# =============================================================================
|
|
# TFM aInventory - Backend Configuration Schema (v1.12.0)
|
|
# =============================================================================
|
|
# Purpose: Configuration for the FastAPI backend, database, AI, and logging.
|
|
# Load order: system environment variables > config/backend.yaml > code defaults.
|
|
# Required/Optional: Most are optional; defaults in code provide sensible behavior.
|
|
# =============================================================================
|
|
|
|
# --- Database & Storage ---
|
|
database:
|
|
# Path to SQLite database file (relative to backend/ folder)
|
|
# Default: data/inventory.db
|
|
# Environment: BACKEND_DATABASE_SQLITE_PATH
|
|
sqlite_path: "data/inventory.db"
|
|
|
|
# Keep database logs for performance auditing?
|
|
# Default: true
|
|
# Environment: BACKEND_DATABASE_WAL_MODE
|
|
wal_mode: true
|
|
|
|
# How many days of audit logs to keep?
|
|
# Default: 30
|
|
# Environment: BACKEND_DATABASE_LOG_RETENTION_DAYS
|
|
log_retention_days: 30
|
|
|
|
# --- AI & Vision Services ---
|
|
ai:
|
|
# Primary provider for image OCR and classification (gemini|claude)
|
|
# Default: gemini
|
|
# Environment: BACKEND_AI_PRIMARY_AI_PROVIDER
|
|
primary_ai_provider: "gemini"
|
|
|
|
# Fallback provider if primary fails
|
|
# Default: claude
|
|
# Environment: BACKEND_AI_FALLBACK_PROVIDER
|
|
fallback_provider: "claude"
|
|
|
|
# Gemini API Key (obtain from https://aistudio.google.com/)
|
|
# Environment: BACKEND_AI_GEMINI_API_KEY or GEMINI_API_KEY
|
|
gemini_api_key: "your-gemini-api-key"
|
|
|
|
# Claude API Key (obtain from Anthropic Console)
|
|
# Environment: BACKEND_AI_CLAUDE_API_KEY or CLAUDE_API_KEY
|
|
claude_api_key: "your-claude-api-key"
|
|
|
|
# --- Authentication & LDAP ---
|
|
auth:
|
|
# JWT Secret Key (min 32 chars)
|
|
# Generate with: openssl rand -hex 32
|
|
# Environment: BACKEND_AUTH_JWT_SECRET_KEY or JWT_SECRET_KEY
|
|
jwt_secret_key: "change_me_in_production"
|
|
|
|
# Enable LDAP Authentication?
|
|
# Default: false
|
|
# Environment: BACKEND_AUTH_LDAP_ENABLED or LDAP_ENABLED
|
|
ldap_enabled: false
|
|
|
|
# LDAP Server address (optional)
|
|
# Example: "ldaps://192.168.1.100:636"
|
|
# Environment: BACKEND_AUTH_LDAP_SERVER or LDAP_SERVER
|
|
ldap_server: ""
|
|
|
|
# LDAP Base DN for user search
|
|
# Example: "dc=example,dc=com"
|
|
# Environment: BACKEND_AUTH_LDAP_BASE_DN or LDAP_BASE_DN
|
|
ldap_base_dn: ""
|
|
|
|
# LDAP User DN Template
|
|
# Example: "uid={username},ou=people,dc=example,dc=com"
|
|
# Environment: BACKEND_AUTH_LDAP_USER_TEMPLATE or LDAP_USER_TEMPLATE
|
|
ldap_user_template: "uid={username},ou=people,dc=ldap,dc=lan"
|
|
|
|
# LDAP Groups Base DN
|
|
# Example: "ou=groups,dc=example,dc=com"
|
|
# Environment: BACKEND_AUTH_LDAP_GROUPS_DN or LDAP_GROUPS_DN
|
|
ldap_groups_dn: "ou=groups"
|
|
|
|
# Use TLS for LDAP connection?
|
|
# Default: true
|
|
# Environment: BACKEND_AUTH_LDAP_USE_TLS or LDAP_USE_TLS
|
|
ldap_use_tls: true
|
|
|
|
# Ignore TLS certificate verification? (NOT FOR PRODUCTION)
|
|
# Default: false
|
|
# Environment: BACKEND_AUTH_LDAP_IGNORE_CERT or LDAP_IGNORE_CERT
|
|
ldap_ignore_cert: false
|
|
|
|
# LDAP Role Mappings (List of group-to-role mappings)
|
|
# assigned_role = None (if no match found)
|
|
ldap_role_mappings:
|
|
- group: "inventory_admins"
|
|
role: "admin"
|
|
- group: "inventory_users"
|
|
role: "user"
|
|
|
|
# Path to store hashed passwords for offline use
|
|
# Environment: BACKEND_AUTH_PASSWORD_CACHE_PATH
|
|
password_cache_path: "data/.passwords"
|
|
|
|
# --- Logging & Diagnostics ---
|
|
logging:
|
|
# Log level (DEBUG|INFO|WARNING|ERROR)
|
|
# Default: INFO
|
|
# Environment: BACKEND_LOGGING_LOG_LEVEL or LOG_LEVEL
|
|
log_level: "INFO"
|
|
|
|
# Log file rotation size in megabytes
|
|
# Default: 10
|
|
# Environment: BACKEND_LOGGING_LOG_ROTATION_SIZE_MB
|
|
log_rotation_size_mb: 10
|
|
|
|
# Number of rotated log files to keep
|
|
# Default: 5
|
|
# Environment: BACKEND_LOGGING_LOG_ROTATION_COUNT
|
|
log_rotation_count: 5
|
|
|
|
# --- Application ---
|
|
application:
|
|
# Directory for persistent data
|
|
# Environment: BACKEND_APPLICATION_DATA_DIR or DATA_DIR
|
|
data_dir: "./data"
|
|
|
|
# Directory for log files
|
|
# Environment: BACKEND_APPLICATION_LOGS_DIR or LOGS_DIR
|
|
logs_dir: "./logs"
|
|
|
|
# Comma-separated list of extra allowed CORS origins (IPs/FQDNs)
|
|
# Environment: BACKEND_APPLICATION_CORS_ORIGINS or EXTRA_ALLOWED_ORIGINS
|
|
cors_origins: "http://localhost:8917"
|
|
|
|
# --- Feature Flags ---
|
|
features:
|
|
# Enable AI image extraction and OCR?
|
|
# Default: true
|
|
ai_extraction_enabled: true
|
|
|
|
# Enable offline synchronization features?
|
|
# Default: true
|
|
offline_sync_enabled: true
|
|
|
|
# Enable detailed audit logging for each API request?
|
|
# Default: true
|
|
audit_logging_enabled: true
|